Remote Code Execution Vulnerability in IBM WebSphere Automation
CVE-2024-54181

7.2HIGH

Key Information:

Vendor: IBM
Status: Websphere Automation
Vendor: CVE Published:; 30 December 2024

What is CVE-2024-54181?

IBM WebSphere Automation version 1.7.5 presents a significant security risk that enables a remote privileged user, granted access to the swagger UI, to execute arbitrary code. By utilizing specially crafted input, an attacker can exploit this vulnerability to gain control of the system, leading to potential data breaches or further compromise. Organizations using this version are advised to implement appropriate security measures and monitor for suspicious activities.

Affected Version(s)

WebSphere Automation 1.7.5

References

https://www.ibm.com/support/pages/node/7179994

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2024
Vulnerability Reserved
Nov 30, 2024